Antivirus tools spoofed in Israel-targeted attack campaign

Numerous Israeli IT, software development, and staffing services firms have been compromised with malware through Word and PDF documents that impersonate antivirus tools as part of the Operation IconCat campaign that commenced last month, Cyber Security News reports.

Intrusions commenced with the distribution of a PDF file spoofing a Check Point security scanner manual, which lures targets into downloading the password-protected "Security Scanner" tool from Dropbox. That tool enables the download of the Python-based PYTRIC malware, which not only performs file scanning and checks admin privileges but also enables system data deletion and remote machine control, according to Seqrite Labs researchers.

In the second attack wave, threat actors delivered a spear-phishing email purporting to be from Israeli human resources firm L.M Group that contained a corrupted Word file. Concealed macros in the Word document allowed the injection of the RUSTRIC malware, which monitors for over two dozen antivirus offerings.
